Concat Identity Assertion Provider

The Concat identity assertion provider allows for composition of a new user principal
through the concatenation of optionally configured prefix and/or suffix provider parameters.
This is a useful assertion provider for converting an incoming identity into a disambiguated
identity within the cluster based on what topology is used to access.

Concat Identity Assertion is a new provider for the Knox Gateway that enables you to
map principals by concatenating strings to either the front or the back of a
specified username. The Identity Assertion Provider provides the critical function
of determining the Identity Principal that you will want to use in your cluster to
represent the identity that has been authenticated at the gateway. For more
information on the Identity Assertion Provider and how it is used in the Knox
Gateway, refer to the Identity Assertion chapter in the Apache Knox 0.11.x User
Guide. If you would like to convert the user principal into a value that represents
an identity from a particular user domain, use a configuration similar to the below
example.

Notice in this example that the identity-assertion role has been
named Concat and has been enabled (true) for the Identity Assertion
Provider, with the conact.suffix parameter given a value of
domain1 and concatenation will occur at the end of the username
(concat.suffix). You may also use a parameter called
concat.prefix to indicate a value to concatenate to the front
of the username.